In a series of blog articles I’ll take a closer look at AWS CloudFormation.
What is AWS Cloudformation?
AWS CloudFormation provides a common language to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This file therefore serves as the single source of truth for your cloud environment.
The key concepts in CloudFormation are templates, stacks and change sets. I’ll cover these in the next section.
A template is a description of the desired end state of the infrastructure. It can be written in JSON or YAML and contains several sections. The only required section is Resources. That’s where you put the resources you’re going to use. The following example in YAML consists of two resources (an EC2 instance and an Elastic IP). It creates a t2.micro EC2 instance with a key pair (testkey) and an additional EBS volume. The ImageId refers to the AMI that you need; this is region specific. Finally the Elastic IP is assigned to the EC2 instance.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-0ff8a91507f77f867"
      InstanceType: t2.micro
      KeyName: testkey
      BlockDeviceMappings:
        - DeviceName: /dev/sdm
          Ebs:
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: false
            VolumeSize: 20
  MyEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref MyEC2Instance
```
The EIP is attached to the instance via its InstanceId using Ref. Ref is a built-in (intrinsic) function you can use to refer to the logical name of another resource in your template. The value that Ref returns depends on the resource type. In general it returns the name of the resource, but that’s not always the case. Here you’ll find a table that lists the values returned by common resource types.
In AWS you manage related resources as a single unit. This is called a stack. A template describes the resources, and when CloudFormation executes the template, it creates a stack. You create, update or delete collections of resources by creating, updating and deleting stacks. To prevent unexpected interruptions to the resources in the stack, you can use change sets to review the changes in the template before executing it.
A change set will allow you to see how the changes will impact your running resources. Rather than updating a resource in place, CloudFormation can also delete and recreate the resource. This depends on the nature of the change. Renaming an RDS database instance, for example, will replace it with a new instance. This will definitely cause downtime for your RDS instance.
So, before performing an update on the stack, CloudFormation can create a change set that provides visibility into the actual changes that would be made.
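To make the Ref and change-set points above concrete, here is a small pre-deployment check added for this post (it is not part of the original article and not CloudFormation’s own code). It assumes the template has been saved as JSON (CloudFormation accepts JSON as well as YAML) and that the change-set data has the shape returned by `aws cloudformation describe-change-set`; both inputs are constructed samples embedded in the script, and the RDS resource and the misspelled Ref target are invented to show what the checks catch.

```python
import json

# Constructed sample: the template from this post expressed in JSON, so the
# standard library can load it without a YAML parser.
TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
      "ImageId": "ami-0ff8a91507f77f867", "InstanceType": "t2.micro", "KeyName": "testkey"}},
    "MyEIP": {"Type": "AWS::EC2::EIP", "Properties": {"InstanceId": {"Ref": "MyEC2Instance"}}}
  }
}""")

# Same template with a typo in the Ref target (constructed), to show what the check catches.
BROKEN_TEMPLATE = json.loads(json.dumps(TEMPLATE))
BROKEN_TEMPLATE["Resources"]["MyEIP"]["Properties"]["InstanceId"] = {"Ref": "MyEC2Instnace"}

# Constructed sample shaped like `aws cloudformation describe-change-set` output
# for an update that renames a (hypothetical) RDS instance and tweaks the EC2 instance.
CHANGE_SET = json.loads("""{"Changes": [
  {"ResourceChange": {"Action": "Modify", "LogicalResourceId": "MyDB",
     "ResourceType": "AWS::RDS::DBInstance", "Replacement": "True"}},
  {"ResourceChange": {"Action": "Modify", "LogicalResourceId": "MyEC2Instance",
     "ResourceType": "AWS::EC2::Instance", "Replacement": "False"}}
]}""")

def find_refs(node):
    """Yield every logical name used in a {"Ref": ...} anywhere in the template."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        else:
            for value in node.values():
                yield from find_refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from find_refs(value)

def dangling_refs(template):
    """Refs that name neither a resource, a parameter nor an AWS:: pseudo parameter."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    return sorted(r for r in set(find_refs(template))
                  if r not in known and not r.startswith("AWS::"))

def replacements(change_set):
    """Logical IDs the change set would delete and recreate ('True' or 'Conditional')."""
    return sorted(c["ResourceChange"]["LogicalResourceId"] for c in change_set["Changes"]
                  if c["ResourceChange"].get("Replacement") in ("True", "Conditional"))
```

Run `dangling_refs` on the template before creating the change set, and `replacements` on the change set before executing it; anything the second function returns is a resource that will go down during the update.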
Basic workflow of CloudFormation
When you create a stack, AWS CloudFormation makes underlying service calls to AWS to provision and configure your resources. Note that AWS CloudFormation can perform only actions that you have permission to do. For example, to create EC2 instances by using AWS CloudFormation, you need permissions to create instances. You’ll need similar permissions to terminate instances when you delete stacks with instances. You use AWS Identity and Access Management (IAM) to manage permissions.
The calls that AWS CloudFormation makes are all declared by your template. For example, suppose you have a template that describes an EC2 instance with a t1.micro instance type. When you use that template to create a stack, AWS CloudFormation calls the Amazon EC2 create instance API and specifies the instance type as t1.micro. The following diagram summarizes the AWS CloudFormation workflow for creating stacks.
If you specify a template stored locally, an S3 bucket is created by CloudFormation and will be used for each CloudFormation deployment after that. This is done for each region you’re working in. Before deploying the template, CloudFormation will upload it to the S3 bucket (in your account). It’s also possible to create your own S3 bucket for your templates. In that case you need to specify the location of your S3 bucket before creating or updating your stack.
Next time: more about designing templates for CloudFormation.
Vincent Lamers, Linux-consultant @ AT Computing